| Author |
Message |
Doug Danco
Guest
|
 Posted:
Thu Jan 13, 2005 6:39 pm Post subject:
Restoring group object from system state backup |
|
|
Hello,
I did a system state backup a couple of weeks ago and it turns out a group
got deleted out of Active Dir. I rebooted the Domain Controller and pressed
F8 to get into Dir. Serv. repair mode and I am trying to figure out how to
restore this one group from the backup that was made a couple of weeks ago?
I saw the ntdsutil but does that pull from the last system state backup???
How do I point this to use the backup file that I created from a couple of
weeks ago? Thanks for your help in advance. |
|
| Back to top |
|
 |
Simon Geary
Guest
|
| Posted:
Thu Jan 13, 2005 7:02 pm Post subject:
Re: Restoring group object from system state backup |
|
|
To restore an individual group you must first do a non-authoritative
restore. While you are in Directory Services restore mode use ntbackup to
restore the system state of your choice (Do not reboot when prompted)
Once the correct system state has been restored, use ntdsutil to do a
'restore subtree' command to mark the restore of your group as
authoritative.
Read these for more detailed instructions:
http://support.microsoft.com/?id=280079
http://support.microsoft.com/?id=241594
An alternative to the above might be a product that reanimates deleted
objects. When you delete something in 2003 AD it is not immediately deleted
but is moved to a sort of AD recycle bin. Check out this to see if it will
help http://wm.quest.com/products/objectrestoread/
p.s. You should change the permissions on all your important OUs and Groups
so that the Delete permission is denied to everyone.
"Doug Danco" <Doug Danco@discussions.microsoft.com> wrote in message
news:FF03A1FC-9227-45D0-B430-BD043C348C05@microsoft.com...
| Quote: | Hello,
I did a system state backup a couple of weeks ago and it turns out a group
got deleted out of Active Dir. I rebooted the Domain Controller and
pressed
F8 to get into Dir. Serv. repair mode and I am trying to figure out how to
restore this one group from the backup that was made a couple of weeks
ago?
I saw the ntdsutil but does that pull from the last system state backup???
How do I point this to use the backup file that I created from a couple of
weeks ago? Thanks for your help in advance. |
|
|
| Back to top |
|
|
Doug Danco
Guest
|
| Posted:
Thu Jan 13, 2005 7:21 pm Post subject:
Re: Restoring group object from system state backup |
|
|
Hmmm ok thanks but here is a couple of different problems (Windows 2000 AD)
I tried to go to backup and click on the previous backup file and the system
state backup but it was greyed out????
I tried to go to a different Domain controller and when it came time to sign
into it (in Dir. Serv. Repair Mode) it said a Domain Controller could not be
found that is the old PDC from a NT Domain these were upgraded to AD).
Thanks for your help so far.
"Simon Geary" wrote:
| Quote: | To restore an individual group you must first do a non-authoritative
restore. While you are in Directory Services restore mode use ntbackup to
restore the system state of your choice (Do not reboot when prompted)
Once the correct system state has been restored, use ntdsutil to do a
'restore subtree' command to mark the restore of your group as
authoritative.
Read these for more detailed instructions:
http://support.microsoft.com/?id=280079
http://support.microsoft.com/?id=241594
An alternative to the above might be a product that reanimates deleted
objects. When you delete something in 2003 AD it is not immediately deleted
but is moved to a sort of AD recycle bin. Check out this to see if it will
help http://wm.quest.com/products/objectrestoread/
p.s. You should change the permissions on all your important OUs and Groups
so that the Delete permission is denied to everyone.
"Doug Danco" <Doug Danco@discussions.microsoft.com> wrote in message
news:FF03A1FC-9227-45D0-B430-BD043C348C05@microsoft.com...
Hello,
I did a system state backup a couple of weeks ago and it turns out a group
got deleted out of Active Dir. I rebooted the Domain Controller and
pressed
F8 to get into Dir. Serv. repair mode and I am trying to figure out how to
restore this one group from the backup that was made a couple of weeks
ago?
I saw the ntdsutil but does that pull from the last system state backup???
How do I point this to use the backup file that I created from a couple of
weeks ago? Thanks for your help in advance.
|
|
|
| Back to top |
|
|
Doug Danco
Guest
|
| Posted:
Thu Jan 13, 2005 8:13 pm Post subject:
Re: Restoring group object from system state backup |
|
|
Ok, I did the non-authoritive restore from the backup and it worked fine.
Now when I type the authoritative restore command I get the following error
(I couldn't find anything on the support KB about it)
Opening DIT database
Could not initialize the Jet Enginer: Jet Error -528
Authoritative Restore Failed.
Error 8000ffff parsing input - illegal syntax?
Any ideas
"Simon Geary" wrote:
| Quote: | To restore an individual group you must first do a non-authoritative
restore. While you are in Directory Services restore mode use ntbackup to
restore the system state of your choice (Do not reboot when prompted)
Once the correct system state has been restored, use ntdsutil to do a
'restore subtree' command to mark the restore of your group as
authoritative.
Read these for more detailed instructions:
http://support.microsoft.com/?id=280079
http://support.microsoft.com/?id=241594
An alternative to the above might be a product that reanimates deleted
objects. When you delete something in 2003 AD it is not immediately deleted
but is moved to a sort of AD recycle bin. Check out this to see if it will
help http://wm.quest.com/products/objectrestoread/
p.s. You should change the permissions on all your important OUs and Groups
so that the Delete permission is denied to everyone.
"Doug Danco" <Doug Danco@discussions.microsoft.com> wrote in message
news:FF03A1FC-9227-45D0-B430-BD043C348C05@microsoft.com...
Hello,
I did a system state backup a couple of weeks ago and it turns out a group
got deleted out of Active Dir. I rebooted the Domain Controller and
pressed
F8 to get into Dir. Serv. repair mode and I am trying to figure out how to
restore this one group from the backup that was made a couple of weeks
ago?
I saw the ntdsutil but does that pull from the last system state backup???
How do I point this to use the backup file that I created from a couple of
weeks ago? Thanks for your help in advance.
|
|
|
| Back to top |
|
|
Simon Geary
Guest
|
| Posted:
Fri Jan 14, 2005 2:20 am Post subject:
Re: Restoring group object from system state backup |
|
|
I've not seen that one before, what command were you using with ntdsutil?
"Doug Danco" <DougDanco@discussions.microsoft.com> wrote in message
news:DF2B3D01-184E-45EB-BD1A-6A900B4EEAFA@microsoft.com...
| Quote: | Ok, I did the non-authoritive restore from the backup and it worked fine.
Now when I type the authoritative restore command I get the following
error
(I couldn't find anything on the support KB about it)
Opening DIT database
Could not initialize the Jet Enginer: Jet Error -528
Authoritative Restore Failed.
Error 8000ffff parsing input - illegal syntax?
Any ideas
"Simon Geary" wrote:
To restore an individual group you must first do a non-authoritative
restore. While you are in Directory Services restore mode use ntbackup to
restore the system state of your choice (Do not reboot when prompted)
Once the correct system state has been restored, use ntdsutil to do a
'restore subtree' command to mark the restore of your group as
authoritative.
Read these for more detailed instructions:
http://support.microsoft.com/?id=280079
http://support.microsoft.com/?id=241594
An alternative to the above might be a product that reanimates deleted
objects. When you delete something in 2003 AD it is not immediately
deleted
but is moved to a sort of AD recycle bin. Check out this to see if it
will
help http://wm.quest.com/products/objectrestoread/
p.s. You should change the permissions on all your important OUs and
Groups
so that the Delete permission is denied to everyone.
"Doug Danco" <Doug Danco@discussions.microsoft.com> wrote in message
news:FF03A1FC-9227-45D0-B430-BD043C348C05@microsoft.com...
Hello,
I did a system state backup a couple of weeks ago and it turns out a
group
got deleted out of Active Dir. I rebooted the Domain Controller and
pressed
F8 to get into Dir. Serv. repair mode and I am trying to figure out how
to
restore this one group from the backup that was made a couple of weeks
ago?
I saw the ntdsutil but does that pull from the last system state
backup???
How do I point this to use the backup file that I created from a couple
of
weeks ago? Thanks for your help in advance.
|
|
|
| Back to top |
|
|
Doug Danco
Guest
|
| Posted:
Fri Jan 14, 2005 5:51 pm Post subject:
Re: Restoring group object from system state backup |
|
|
restore subtree cn=Groupname,cn=Users,dc=domain,dc=com
Windows 2000 AD
"Simon Geary" wrote:
| Quote: | I've not seen that one before, what command were you using with ntdsutil?
"Doug Danco" <DougDanco@discussions.microsoft.com> wrote in message
news:DF2B3D01-184E-45EB-BD1A-6A900B4EEAFA@microsoft.com...
Ok, I did the non-authoritive restore from the backup and it worked fine.
Now when I type the authoritative restore command I get the following
error
(I couldn't find anything on the support KB about it)
Opening DIT database
Could not initialize the Jet Enginer: Jet Error -528
Authoritative Restore Failed.
Error 8000ffff parsing input - illegal syntax?
Any ideas
"Simon Geary" wrote:
To restore an individual group you must first do a non-authoritative
restore. While you are in Directory Services restore mode use ntbackup to
restore the system state of your choice (Do not reboot when prompted)
Once the correct system state has been restored, use ntdsutil to do a
'restore subtree' command to mark the restore of your group as
authoritative.
Read these for more detailed instructions:
http://support.microsoft.com/?id=280079
http://support.microsoft.com/?id=241594
An alternative to the above might be a product that reanimates deleted
objects. When you delete something in 2003 AD it is not immediately
deleted
but is moved to a sort of AD recycle bin. Check out this to see if it
will
help http://wm.quest.com/products/objectrestoread/
p.s. You should change the permissions on all your important OUs and
Groups
so that the Delete permission is denied to everyone.
"Doug Danco" <Doug Danco@discussions.microsoft.com> wrote in message
news:FF03A1FC-9227-45D0-B430-BD043C348C05@microsoft.com...
Hello,
I did a system state backup a couple of weeks ago and it turns out a
group
got deleted out of Active Dir. I rebooted the Domain Controller and
pressed
F8 to get into Dir. Serv. repair mode and I am trying to figure out how
to
restore this one group from the backup that was made a couple of weeks
ago?
I saw the ntdsutil but does that pull from the last system state
backup???
How do I point this to use the backup file that I created from a couple
of
weeks ago? Thanks for your help in advance.
|
|
|
| Back to top |
|
|
Simon Geary
Guest
|
| Posted:
Fri Jan 14, 2005 9:45 pm Post subject:
Re: Restoring group object from system state backup |
|
|
I have done a bit more research on this and it turns out that you can only
do an authoritative restore of a group if all users who were a member of
that group when it was backed up are present in the domain. So if you
deleted any user accounts that were members of the group after the group was
backed up you will have to restore these user accounts before you can
restore the group.
"Doug Danco" <DougDanco@discussions.microsoft.com> wrote in message
news:BF925DA0-B44E-4333-B7A1-445B9D09F78E@microsoft.com...
| Quote: | restore subtree cn=Groupname,cn=Users,dc=domain,dc=com
Windows 2000 AD
"Simon Geary" wrote:
I've not seen that one before, what command were you using with ntdsutil?
"Doug Danco" <DougDanco@discussions.microsoft.com> wrote in message
news:DF2B3D01-184E-45EB-BD1A-6A900B4EEAFA@microsoft.com...
Ok, I did the non-authoritive restore from the backup and it worked
fine.
Now when I type the authoritative restore command I get the following
error
(I couldn't find anything on the support KB about it)
Opening DIT database
Could not initialize the Jet Enginer: Jet Error -528
Authoritative Restore Failed.
Error 8000ffff parsing input - illegal syntax?
Any ideas
"Simon Geary" wrote:
To restore an individual group you must first do a non-authoritative
restore. While you are in Directory Services restore mode use ntbackup
to
restore the system state of your choice (Do not reboot when prompted)
Once the correct system state has been restored, use ntdsutil to do a
'restore subtree' command to mark the restore of your group as
authoritative.
Read these for more detailed instructions:
http://support.microsoft.com/?id=280079
http://support.microsoft.com/?id=241594
An alternative to the above might be a product that reanimates deleted
objects. When you delete something in 2003 AD it is not immediately
deleted
but is moved to a sort of AD recycle bin. Check out this to see if it
will
help http://wm.quest.com/products/objectrestoread/
p.s. You should change the permissions on all your important OUs and
Groups
so that the Delete permission is denied to everyone.
"Doug Danco" <Doug Danco@discussions.microsoft.com> wrote in message
news:FF03A1FC-9227-45D0-B430-BD043C348C05@microsoft.com...
Hello,
I did a system state backup a couple of weeks ago and it turns out a
group
got deleted out of Active Dir. I rebooted the Domain Controller and
pressed
F8 to get into Dir. Serv. repair mode and I am trying to figure out
how
to
restore this one group from the backup that was made a couple of
weeks
ago?
I saw the ntdsutil but does that pull from the last system state
backup???
How do I point this to use the backup file that I created from a
couple
of
weeks ago? Thanks for your help in advance.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in